Protecting my JavaScript Code

I'm not JavaScript guru, but I've recently developed a fairly hefty application in JavaScript that my company is planning on distributing. Of course, as this application is written in JavaScript, the source code is readily available to whomever we distribute it to. We'd like to have some way of securing the code that I've written. I'm considering running it through some sort of obfuscation program to help protect the source code. Anyone have any suggestions on good applications that I might use for such a purpose, or have any other ideas on how I might protect my source? Thanks, Corey

obfuscation is the only way that you can go about doing this I can not recommend any programs since I never used any.... Another trick that I have used is to add a js file that links to your site. This js file can be left blank, you can check your sites logs and you can find out sites that are using the file. If you find anyone using it that is not supposed to then you can add code in that js file that can stop the program from running. This can easily be deleted by the person that took the code, but it can work... Eric

Corey McGlone
Ranch Hand

Joined: Dec 20, 2001
Posts: 3271

posted Apr 12, 2004 11:03:00

0

Thanks, Eric. I'ev been googling about this morning and I've found a number of obfuscators out there - I guess I'll just have to weed through them and see what I can find. Thanks, Corey

Generally speaking, there is no way to protect your code in JavaScript. You try my Web Code Expert tool just to test that statement. There is a trick I did. It affects the initial perfomance, but it is up to you to use it or not. Let say you have a way to encrypt a string and to decrypt a string with javascript, so you have to functions: function encrypt(str){ } function decrypt(str){ } Now, let say function with a name "mySecretFunction" is the one to be hidden. So, in a separate file, you use encrypt function, to encrypt that function definition, basically something like encrypt("function mySecretFunction(){here goes the body}") the string you get you use to create the following line instead of usual function definition: var a="that Encrypted String";eval(decrypt(a)); Now you can encrypt that line too - and so on. I did three iteration. You can make that more sofisticated, if you want.

Yuriy Fuksenko
Ranch Hand

Joined: Feb 02, 2001
Posts: 413

posted Apr 12, 2004 12:28:00

0

Here is an example of script viewing: Type the following in IE address bar to see all event handlers on a page:

After that, just copy the name of a function you ineterested in, and type in address bar: javascript:alert(functionName) or javascript:self.open("","").document.writeln(functionName); and you will see that function source code. Last variant is better if you need to copy/paste that function body.